Windows Azure Active Directory Supports JSON Web Tokens

Many of you may not have realized that the developer preview of Windows Azure Active Directory (AD) supports the JSON Web Token (JWT). We just haven’t talked about it much in this blog or in our developer documentation. JWT is a compact token format that is especially apt for REST based development. Defined by the OAuth Working Group at the IETF, JWT is also one of the basic components of OpenID Connect. JWT use is growing, and products supporting the format are increasingly common in the industry. Windows Azure Active Directory already issues JWT’s for a number of important scenarios, including securing calls to the Graph API, Office 365 integration scenarios and protection of 3rd party REST services.

Today I’m excited to let you know that we’ve just released the JSON Web Token Handler for the Microsoft .NET Framework 4.5, a .NET 4.5 assembly that (distributed via a NuGet package) to make it easy for .NET developers to use the JWT capabilities of Windows Azure AD. The JWT handler provides a collection of classes you can use for deserializing, validating, manipulating, generating, issuing and serializing JWTs. .NET developers will be able to use the JWT format both as part of existing workloads (such as Web single sign on) and within new scenarios (such as the REST based solutions made possible by the Windows Azure Authentication Library, also in preview) with the same ease they’d experience when using token formats supported out of the box, such as SAML2.0.

For more details on how to use the handler, including some concrete examples, please refer to Vittorio’s post here.

The JSON Web Token Handler provides a new capability for our platform which was previously obscured within the preview of the Windows Azure Authentication Library. We heard your feedback, and as part of our refactoring we made available that functionality as an individual component in its own right. Moving forward, you can expect other artifacts to build on it to deliver higher-level functionality such as support for protocols taking advantage of JWT.

I look forward to your comments, questions and feedback below and in the forums.